From 8d47f715ca63388f2dcbcdf3f2ccdb44e7d47b93 Mon Sep 17 00:00:00 2001
From: Michal Zidek
Date: Wed, 10 Sep 2014 12:56:54 +0200
Subject: Use the alternative objectclass in group maps.
Use the alternative group objectclass in queries.
Fixes: https://fedorahosted.org/sssd/ticket/2436
Reviewed-by: Jakub Hrozek
(cherry picked from commit 7ba70236daccb48432350147d0560b3302518cee)
(cherry picked from commit 9e99c000a4e2647328e71b4db272b4b73a7189c5)
---
 src/providers/ldap/ldap_id.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
(limited to 'src/providers/ldap/ldap_id.c')
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 2d1ba5b5a..842381517 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -539,6 +539,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 enum idmap_error_code err;
 char *sid;
 const char *member_filter[2];
+ char *oc_list;

 req = tevent_req_create(memctx, &state, struct groups_get_state);
 if (!req) return NULL;
@@ -645,21 +646,26 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, goto fail; } + oc_list = sdap_make_oc_list(state, ctx->opts->group_map); + if (oc_list == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create objectClass list.\n"); + ret = ENOMEM; + goto fail; + } + if (state->use_id_mapping || filter_type == BE_FILTER_SECID) { /* When mapping IDs or looking for SIDs, we don't want to limit * ourselves to groups with a GID value */ state->filter = talloc_asprintf(state, - "(&(%s=%s)(objectclass=%s)(%s=*))", - attr_name, clean_name, - ctx->opts->group_map[SDAP_OC_GROUP].name, + "(&(%s=%s)(%s)(%s=*))", + attr_name, clean_name, oc_list, ctx->opts->group_map[SDAP_AT_GROUP_NAME].name); } else { state->filter = talloc_asprintf(state, - "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))", - attr_name, clean_name, - ctx->opts->group_map[SDAP_OC_GROUP].name, + "(&(%s=%s)(%s)(%s=*)(&(%s=*)(!(%s=0))))", + attr_name, clean_name, oc_list, ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, ctx->opts->group_map[SDAP_AT_GROUP_GID].name, ctx->opts->group_map[SDAP_AT_GROUP_GID].name); -- cgit
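Review bot: Both format strings now splice `oc_list` in as `(%s)`, so the search filter is only well-formed if sdap_make_oc_list() returns a filter component without its outer parentheses, and nothing in the hunk states that contract (the helper is defined outside it). A comment above the call would pin it down, for example `/* oc_list is a filter component without the enclosing parentheses; the format strings below add them */`. The string is parented to `state`, so it stays allocated for the whole request although it is only needed to build `state->filter`; a `talloc_free(oc_list);` after the if/else would release it, and that spot lies past the end of this hunk, as does the rest of groups_get_send. As far as the visible lines show, the objectClass names from the group map reach the filter without escaping, as they did before the change, so it is worth confirming that these map values can only come from configuration.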